Data Storage Security in Cloud Data Center
With the development of cloud computing, cloud data centers are used more and more widely, and more and more enterprises choose cloud data storage services. This way, they need not buy expensive equipment or hire specialized personnel to manage their data. Data storage security in the cloud data center has now become the first condition enterprises consider when choosing a cloud platform (cloud data center). So, how should data storage security be defined? We can consider these aspects: data stability, high availability, data access security and data durable availability.
The data storage service provided by a cloud data center should ensure stable access for every tenant: a sudden burst of storage I/O from an individual tenant should not affect the normal business access of other tenants. In the design of the SAN network architecture, the overload (oversubscription) ratio between hosts and storage is considered in order to avoid congestion or performance degradation. At the same time, a core-edge SAN design is adopted to allow flexible expansion. Equipment selection takes full account of the response time and processing capacity of the SAN network, favoring low-latency, high-throughput technology and equipment as far as possible to meet the needs of a robust SAN architecture. A cloud platform (cloud data center) should not only consider these requirements fully in the design and construction stage, but also monitor the SAN network, storage traffic, latency and other necessary indicators, and formulate strategies to deal with unexpected abnormal situations in time, such as port isolation.
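An added example (not from the original article) of the monitoring described above: it computes the host-to-storage overload ratio and flags a tenant's port as a candidate for isolation when that tenant's I/O burst coincides with a latency breach on the shared path. The sample data, the port and tenant names, and all thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from statistics import median

# Constructed samples: (interval, edge_port, tenant, iops, latency_ms).
# latency_ms is the storage latency seen on the shared path in that interval.
SAMPLES = [
    (0, "edge1/p3", "tenant-a", 1000, 2.0), (0, "edge1/p4", "tenant-b", 900, 2.0),
    (1, "edge1/p3", "tenant-a", 1100, 2.1), (1, "edge1/p4", "tenant-b", 950, 2.1),
    (2, "edge1/p3", "tenant-a", 1050, 2.0), (2, "edge1/p4", "tenant-b", 9000, 2.4),
    (3, "edge1/p3", "tenant-a", 1000, 9.5), (3, "edge1/p4", "tenant-b", 12000, 9.5),
    (4, "edge1/p3", "tenant-a", 3500, 2.2), (4, "edge1/p4", "tenant-b", 1000, 2.2),
]

def oversubscription_ratio(host_port_gbps, storage_port_gbps):
    """Aggregate host-facing bandwidth divided by storage-facing bandwidth."""
    return sum(host_port_gbps) / sum(storage_port_gbps)

def isolation_candidates(samples, window=3, spike_factor=4.0,
                         latency_slo_ms=5.0, share_threshold=0.6):
    """Return (interval, port, tenant) entries where one tenant's burst
    dominates the shared path while latency exceeds the agreed limit."""
    baseline = defaultdict(lambda: deque(maxlen=window))
    by_interval = defaultdict(list)
    for row in samples:
        by_interval[row[0]].append(row)
    flagged = []
    for interval in sorted(by_interval):
        rows = by_interval[interval]
        total_iops = sum(r[3] for r in rows)
        for _, port, tenant, iops, latency in rows:
            past = baseline[tenant]
            # A burst is judged against the tenant's own recent median.
            spiking = len(past) >= 2 and iops > spike_factor * median(past)
            dominant = total_iops > 0 and iops / total_iops > share_threshold
            if spiking and dominant and latency > latency_slo_ms:
                flagged.append((interval, port, tenant))
            if not spiking:
                past.append(iops)  # keep bursts out of the baseline
    return flagged

if __name__ == "__main__":
    print("overload ratio:", oversubscription_ratio([32] * 16, [32] * 4))
    for hit in isolation_candidates(SAMPLES):
        print("isolation candidate:", hit)
```

The burst in interval 2 is not flagged because shared latency is still within the limit; only the interval where other tenants are actually affected produces a candidate.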
At present, the data storage devices used in cloud data centers fall into three main categories: online storage, near-line storage and off-line storage. Storage for data with high real-time, security and business continuity requirements is generally online storage. Online storage is currently based mainly on SAN, NAS or DAS architectures. Among them, block-based SAN and file-based NAS (network attached storage) are very common. Unified storage, introduced in the last two years, supports different storage protocols and provides unified data storage for host systems. More and more cloud data centers have adopted or plan to adopt such multi-protocol storage. Cloud data centers also use storage virtualization technology, which pools and manages many kinds of traditional storage at the bottom layer and meets the flexible storage needs of different tenants.
Data Access Security
Tenants accessing data stored in a cloud data center can use encryption in both the data transmission and data storage stages, which increases the security of the data to a certain extent. The cloud platform (cloud data center) manages tenant login through identity authentication, and controls tenant access rights through service authorization, decentralization of privileges and so on. A dynamic access control strategy adapts better to the changing resource security and access requirements of tenants in a cloud computing environment. In a cloud computing environment, data access is carried out through virtual machines, so the security of the virtual host directly affects the security of data storage. Virtual hosts share the physical resources of the host computer. Many malicious accesses can mount side-channel attacks through these shared resources, resulting in illegal access to and leakage of data. A better cloud platform (cloud data center) needs to isolate shared resources through technical means, identify attacks through resource monitoring and behavior monitoring, and block those attacks to ensure the security of tenant data.
Data Durable Availability
Data is critical for any tenant, and ensuring that data stored in the cloud is not lost is the primary task. The RAID protection at the bottom layer of storage provides only part of the data protection needed. The best way to prevent data loss is to keep multiple backups, combining local mirror protection, local archive backup space, remote disaster recovery protection and other protection strategies to ensure the persistent availability of data according to the service level agreement requirements of different tenants. The cloud platform (cloud data center) should provide various levels of data protection for different tenants through disk mirroring, data backup, data archiving, continuous data protection, remote data replication and other technologies, to ensure that tenants' data is secure and not lost.
With the vigorous development of cloud computing technology, the demand for transport and storage services has increased dramatically, and data storage security is receiving more and more attention. As technology develops, the cloud platform (cloud data center) needs to keep reforming and innovating, improve its security system, and provide more secure and reliable data services for tenants. As a global optical interconnection design innovator, Gigalight provides a series of high-speed optical interconnection products with innovative designs and leading solutions for building the storage area network of the cloud data center, and strongly supports the data storage security of the cloud data center.
This is an original article written by Gigalight. If reproduced, please indicate the source: https://www.gigalight.com/community/data-storage-security-in-cloud-data-center/